
Thursday, November 26, 2009

This is a tip for you, UNIX users (with OpenSSL installed), who wish to obtain a server's public SSL key.

I'm configuring a Java EE application that needs to connect to an IMAP server using SSL on a Solaris 10 box. For that reason, I need to import the IMAP server SSL public key into my Java runtime certificates file.

Solaris 10 ships with a bundled OpenSSL package that makes this task very easy. Just launch your favorite shell and execute the following command:

$ openssl s_client -connect destination.server:[service|port]

In my case, being an IMAP server using a non-standard port, I used:

$ openssl s_client -connect my.imap.server:999

CONNECTED(00000004)

[...snip...]

---

Server certificate

-----BEGIN CERTIFICATE-----

[...snip...]

-----END CERTIFICATE-----

[...snip...]

The key I need to import is the shown certificate, including the beginning and the end line.

I saved the key in a file called imap.key and I imported it into my Java runtime certificates file with the following command:
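As an added example (not the author's command, which this page does not show), the script below wraps the same openssl s_client step so that the certificate is imported only when its SHA-256 fingerprint matches one obtained out of band from the server's administrator. Without that check, whatever certificate answers on the wire at fetch time becomes trusted. The function names, the expected-fingerprint argument, the alias and the keystore path argument are assumptions.

```shell
#!/bin/sh
# Added example: pin the fetched certificate before trusting it.

# Print the first PEM certificate block found on stdin (the server's own
# certificate in s_client output) and ignore everything else.
extract_first_cert() {
  awk '/^-----BEGIN CERTIFICATE-----/ { inside = 1 }
       inside { print }
       inside && /^-----END CERTIFICATE-----/ { exit }'
}

# Normalise a fingerprint so "ab:cd", "AB CD" and "ABCD" compare equal.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only when both fingerprints are non-empty and identical.
fp_matches() {
  a=$(normalize_fp "$1")
  b=$(normalize_fp "$2")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of a PEM certificate file, as printed by openssl x509.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# fetch_and_import HOST:PORT EXPECTED_FP ALIAS KEYSTORE   (hypothetical helper)
# EXPECTED_FP must come from a trusted channel, not from this connection.
fetch_and_import() {
  pem=$(mktemp) || return 1
  openssl s_client -connect "$1" </dev/null 2>/dev/null | extract_first_cert >"$pem"
  if [ ! -s "$pem" ]; then
    echo "no certificate received from $1" >&2
    rm -f "$pem"; return 1
  fi
  got=$(cert_fingerprint "$pem")
  if ! fp_matches "$got" "$2"; then
    echo "fingerprint mismatch, not importing: got $got" >&2
    rm -f "$pem"; return 1
  fi
  # keytool prompts for the keystore password and for confirmation.
  keytool -importcert -alias "$3" -file "$pem" -keystore "$4"
  rc=$?
  rm -f "$pem"
  return $rc
}
```
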

Tuesday, November 24, 2009

Today I created a bunch of new projects in our JIRA 4.0 instance and, for the first time, I needed to create a custom workflow for some issue types. JIRA is flexible and powerful and it was pretty easy to create a new workflow just cloning (copying) the default JIRA workflow. All I had to do to fulfill my requirements was:

Define a new status: Waiting for feedback

Define a new step: Waiting for feedback

Create new transitions to and from this new workflow state.

Leveraging JIRA's powerful administration console, the new workflow was defined in just a few minutes. Once done, I defined a new workflow scheme and associated it with some of my new projects.

It was with some surprise that I realized that the new transition wasn't restricted to developers: it was there for everyone to trigger. Obviously, I'd overlooked something in the configuration, so I checked the permissions and everything seemed to be fine until I realized what was wrong: workflow transitions are protected by conditions. In my case, I required that only the issue assignee could trigger a transition.

Although the workflow was being used, creating a draft workflow was a no-brainer. In the draft workflow I added the required condition:

Only the assignee of the issue can execute this transition.

Once done, I published the new workflow. JIRA quickly converted the existing issue to the new workflow and the error was corrected without even bringing the project down.

Introduction

In the previous post you've learnt how to configure Sendmail to relay messages to another server. Now, such a server should probably be configured to accept incoming messages to relay from other servers. The default Solaris 10 Sendmail configuration does not allow message relay, so the proper configuration must be applied to Sendmail.

Configuring Relay for Hosts and Domains

The quickest way to have Sendmail relay messages for other domains is by modifying the /etc/mail/relay-domains file. Sendmail will relay mail for every domain listed in that file. If you want your server to relay messages for the domains a.com, b.com and c.com, just insert the corresponding lines into /etc/mail/relay-domains and restart your Sendmail instance:

# cat /etc/mail/relay-domains
a.com
b.com
c.com

Configuring the Access Database

If you want to relay messages from specific hosts (as well as domains and networks) you can use the access database. The access database lists email addresses, network numbers and domain names and a rule. Available rules are:

OK: Accept mail even if other rules in the running ruleset would reject it.

RELAY: Accept mail addressed to the indicated domain or received from the indicated domain for relaying.

REJECT: Reject the sender or recipient with a general purpose message.

DISCARD: Discard the message completely using the $#discard mailer.

(An RFC-821 compliant error text): Return the error message.

If you want your Sendmail to relay mails for a domain or from some specific hosts, modify your /etc/mail/access accordingly:

your-domain RELAY
192.168.0 RELAY
another-domain RELAY
unwanted-host REJECT

Once done, you have to generate the access db with the following command:

# makemap hash /etc/mail/access.db < /etc/mail/access
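Because every RELAY entry widens who may relay through this server, it is worth reviewing the file before building the map. The following is an added example, not part of the original post: lint_access lists the RELAY grants and flags any rule outside the list given above, and rebuild_access runs the makemap command from this page only when the lint passes. The function names are hypothetical, and treating an error text as a rule that starts with a 4xx or 5xx reply code is an assumption.

```shell
#!/bin/sh
# Added example: review /etc/mail/access before building access.db.

# lint_access FILE
# Prints one "RELAY" line per relay grant and one "BAD" line per entry whose
# rule is missing or not one of OK, RELAY, REJECT, DISCARD or an error text.
# Exit status is non-zero when at least one BAD entry is found.
lint_access() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
      key = $1; rule = $2
      if (rule == "") {
        printf "BAD   line %d: %s has no rule\n", NR, key; bad++; next
      }
      if (rule == "RELAY") {
        printf "RELAY line %d: %s\n", NR, key; next
      }
      if (rule == "OK" || rule == "REJECT" || rule == "DISCARD") next
      # Assumption: an error text starts with a 4xx or 5xx SMTP reply code.
      if (rule ~ /^[45][0-9][0-9]$/) next
      printf "BAD   line %d: %s has unknown rule %s\n", NR, key, rule; bad++
    }
    END { exit (bad > 0) }
  ' "$1"
}

# rebuild_access FILE
# Builds FILE.db with the makemap command shown above, but only if the
# lint found nothing wrong.
rebuild_access() {
  lint_access "$1" && makemap hash "$1.db" < "$1"
}
```

Running rebuild_access /etc/mail/access prints the relay grants for review and leaves the existing access.db untouched if a rule is mistyped.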

Enabling the Access Database

To have your Sendmail use the access database, you must properly configure it adding the access_db feature to its configuration file:

# cat your-file.mc
[...snip...]
FEATURE(`access_db')
[...snip...]

Restart your Sendmail and enjoy!

A Word of Warning: DNS Configuration

Sendmail often requires that the host names you use in your configuration files (such as the access database) are properly configured in your name server, both for lookup and reverse lookup. I hope this will spare you some headaches while debugging.

Introduction

Sometimes you just need to configure your Sendmail to relay messages to another server. I often use such a configuration to centralize Sendmail configuration: if something had to change I would just need to change a reduced number of configuration files. For example, I made heavy use of Solaris Zones technology. Unless particular configuration is needed, whenever I create a new zone, I just configure its Sendmail to relay messages to another server (which is, incidentally, one of the preconfigured Sendmail zones we use).

Setting Up a Sendmail Smart Host

Setting up Sendmail to relay messages to another server is pretty easy. Modify your configuration file and use the following macro:

[...snip...]
define(`SMART_HOST', `your-smart-host')
[...snip...]

The smart host is the host this instance will relay messages to. This macro will be translated into a DS statement in your Sendmail configuration file. You should never modify .cf files directly: always compile .mc files! By the way, it is sometimes useful to know .cf syntax if you need to interpret existing .cf files when you've lost the corresponding .mc files (something that should never happen to a seasoned System Administrator).

Sendmail Masquerading

Now that you've got your Sendmail up and running it's time to do some tweaking. If you try to send mail from your host, you'll notice that messages are sent from an address such as your-user-name@hostname.your.domain. That's probably not what you want (that address probably isn't even reachable from the outside) and you'd rather have: your-user-name@your.domain. Fine, that feature is called masquerading. To masquerade outgoing mail you can use the MASQUERADE_AS and MASQUERADE_DOMAIN macros, as in the following example:

Introduction

Whoever has tried to get Sendmail up and running will agree that taming Sendmail requires black magic. I won't even try to go into Sendmail internals and details: I haven't mastered them and am content with being able to configure my Solaris box (and zones) to fulfill my needs. Nevertheless, I'll admit that Sendmail has its own spell and I felt compelled to keep on reading to discover what Sendmail is capable of.

Verifying Sendmail State and Starting It Up

Solaris 10 Sendmail is configured as an SMF-managed service. To check sendmail status you can use:

Configuring Sendmail for Open Mode

Solaris 10 Sendmail configuration is such that Sendmail will only run in local mode, thus rejecting connections from other hosts. If you want to review Sendmail default Solaris 10 configuration, you can use:

Local and smtp mailers are on and you should be able to send mail, both locally and remotely, from such a host. Unless you perform additional configuration, you won't be able to connect remotely to this instance, nor use such an instance as a mail relay. Naturally, some tweaking is usually required and it will be performed with the procedure described in the following sections.

Building a Configuration File for Sendmail

To build a configuration file for your Sendmail you can perform the following:

Thursday, November 19, 2009

What's the desktop application most commonly used? For a great majority of persons the answer is simple: the browser. The omnipresent browser has begun not to be perceived as an application anymore: instead, it's the container where web applications run.

Although there's still plenty of space for desktop applications, they can't be thought of as stand-alone any longer. Users continuously rely on the Internet as a source of information and desktop applications had to learn to use the Internet as if it were a database.

Browsers and web developers probably learnt that before: Web Services and the AJAX paradigm being just the latest trends in the industry. Vendors have been implementing similar technologies in their SDKs and the boundary between web technologies and general purpose frameworks gets thinner day by day.

I just remember when JAX-* specifications were being integrated into Java 2 Enterprise Edition: nowadays you can hardly think of a Java desktop application not leveraging JAX-WS or JAX-RS.

Many vendors have been trying to port web technologies to the desktop and the major players in this area are:

Adobe, with Adobe AIR

Sun Microsystems with JavaFX framework

Google, with Google Gears

I've been intensively using Gears-powered applications just because I'm a faithful Google applications user. I must say that I'm pretty happy with it and that in this sense Google is probably making one more step in this direction with its Google Chrome OS. Nowadays, although Google Chrome still is a browser, it really acts as an environment for Google Gears applications.

As far as JavaFX is concerned, I've played a little with it with my NetBeans and I must say that I'm impressed. Java SE and Java EE already have all of the pieces you need to build rich internet applications and JavaFX goes one step further: it's a platform that aims to support a variety of devices (browsers, mobile phones, gaming consoles and so forth).

Adobe AIR is impressive: although I never wrote any line of code, I've seen some applications and, just as with anything Adobe, great hype is given to integration with Flex/Flash applications.

Which one should I go with?

Although every framework has its own peculiar advantages, such a decision depends on many factors, such as your needs and your requirements.

One of the fundamental advantages of web applications is their platform-independence (usually). Yes, there are many glitches depending on the browser you're using but nowadays the situation is pretty satisfactory, at least as far as an application's functionality is concerned. Such independence is achieved by means of the browser, which is the container in which such an application is executed. Taking an application out of the browser is complex and in that process you run the risk of reducing an application's portability. That's the original sin of many frameworks, such as Adobe AIR.

I strongly believe in portability and that's something I'm never going to sacrifice easily and when I do the requirement must be compelling. That's why I always go with Java.

The Java language itself has been recently enhanced by annotations which are commonly used by specifications and frameworks (such as Spring) to greatly reduce boilerplate code. EJB 3.0, JPA, JAX-RS, JavaBeans Validation (JSR-303) are just examples of the annotation-centric APIs you can use in a Java program just by applying metadata to your class and letting the framework (or the container) do the job. POJO-based and annotation-based frameworks and APIs greatly contributed to simplifying the programming models previously used: whether you're developing a web service, a web service client, an interaction with a DB, an EJB, you're probably producing just POJOs. Reusing such objects is straightforward: the boundary that existed between the various kinds of Java applications has blurred and nowadays is almost null.

Moreover, in the incredibly vast ecosystem of Java libraries and frameworks you're probably going to find everything you need to get the job done.

Conclusion

When deciding the tools you're going to use to develop your next application, always consider that there's someone out there who might not be using your browser or your OS. If you haven't got compelling reasons, don't shut the door in their face. Users do not understand, sometimes not even with reasons. And they'd just turn to another provider.

Tuesday, November 17, 2009

Some posts ago (Poor man's web redirection using a servlet filter) I described how I'm sending an HTTP Redirect Status Code back to a client. Such a solution was easy for me to implement because we're already running Java EE applications on our application servers and, on the other hand, we have no other web server available (if you're thinking about Apache HTTP Server). The previous post fails to point out that implementing such a solution from scratch is really overkill.

If you're one of the many users of Apache HTTP Server you should be aware of a functionality called Virtual Hosts. Virtual hosts let you run multiple web sites on a single Apache HTTP server instance and requests will be forwarded to the appropriate web site by using either the target IP address or the name you used to connect to the site. The last step will be configuring Apache so that such a Virtual Host will be served by proxying the destination server.

With such a proxy/gateway you'll be able, for example:

To serve different domains, subdomains or even specific URLs with just one Apache HTTP Server instance.

To offer a gateway in the case you've got a reduced number of public IPs and you don't want to publish HTTP services on ports other than 80.

DNS configuration

First of all I substituted the old DNS record with a CNAME which points to this Apache HTTP Server instance. Now, whenever a client requests www.domainA.com, the connection will be established with the target Apache.

Friday, November 13, 2009

Many of us Solaris users have been waiting for this a long time. Fluendo has finally released its DVD Player for Solaris as well.

This is great news. I've been using Fluendo codecs on Solaris for a long time and I'm trying their DVD Player right now. So far I've had no issues and it clearly is a leap forward for Solaris as a desktop platform.

There exist, indeed, open source and free alternatives such as Xine and MPlayer. To be fair, I never had any problem with Xine: I've been a faithful Xine user for many years. The only issues I had are related to Blastwave's Xine packages, which seem to have broken many Nevada builds ago (b110 more or less). To play encrypted DVDs you also need to compile your own libdvdcss, which may be an issue for a non-technical user.

If you're willing to support companies like Fluendo, which is supporting the Solaris Operating System even for desktop products like a DVD Player, please don't think twice and buy it.

Sunday, November 1, 2009

Does this opening sentence sound familiar to you? Two days ago, after installing Duke Nukem 3D on my iPhone, I launched the game and was welcomed by it.

I used to play with Duke on a PC powered with a Pentium 133 a long, long time ago. When I saw it on the App Store, by chance, I couldn't resist buying it and playing it again.

The port is really good, although still incomplete. The primary three episodes are there (L.A. Meltdown, I didn't even remember the name!) and the feeling is just the same. I noticed some graphical detriment that I wouldn't call minor: mirror effects, for example, were things that made Duke 3D so cool, back in the 90's. Playability on the iPhone isn't so good, either, in my opinion. The user is given two choices: digital and analog controls.

Digital controls, whose screenshot is shown in the next picture, are the easiest controls to get accustomed to. By sliding your finger onto four buttons you can control Duke's movements just as if you were using a joystick. While playing you still need to use additional buttons (such as jump or use): these buttons are located in the uppermost right corner of the screen and they're sufficiently small that you confuse them with one another.

The analog controls, at first impression, seem more intuitive because the user is given two separate joysticks:

Nonetheless, I found these controls pretty hard to manage and quickly switched to using the digital ones exclusively.

If you're feeling some kind of longing for such an old game, Duke Nukem 3D can be purchased right now on the App Store at just 0.79 Eur. Much less than an espresso, here in Spain.